package cn.com.demo.shiro.config;

import cn.com.demo.shiro.entity.TShiroUser;
import cn.com.demo.shiro.service.UserService;
import cn.com.demo.shiro.util.MD5;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;

/**
 * 自定义域，完成认证及授权过程
 */
@Component
public class UserRealm extends AuthorizingRealm {
    @Autowired
    private UserService userService;

    /**
     * 授权
     * @param principalCollection
     * @return
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        // 拿到当前用户
        Subject subject = SecurityUtils.getSubject();
        TShiroUser user  = (TShiroUser) subject.getPrincipal();
        // 设置权限
        simpleAuthorizationInfo.setStringPermissions(userService.getUserPermission(user.getId()));
        return simpleAuthorizationInfo;
    }

    /**
     * 认证
     * @param authenticationToken
     * @return
     * @throws AuthenticationException
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        if(StringUtils.isEmpty(token.getUsername())){
            // 用户名为空
            return null;
        }
        TShiroUser user = userService.getUserByUserName(token.getUsername());
        if(user == null) {
            return null;
        }
        return new SimpleAuthenticationInfo(user,user.getPassword(),"");
    }

    /**
     * 密码匹配器
     * @return
     */
    @Override
    public CredentialsMatcher getCredentialsMatcher() {

        return new CredentialsMatcher() {
            @Override
            public boolean doCredentialsMatch(AuthenticationToken authenticationToken, AuthenticationInfo authenticationInfo) {
                UsernamePasswordToken utoken = (UsernamePasswordToken) authenticationToken;
                //获得用户输入的密码
                String formPassword = new String(utoken.getPassword());
                //获得数据库中的密码
                String dbPassword = (String) authenticationInfo.getCredentials();
                try {
                    formPassword = MD5.encrypt(formPassword);
                    return dbPassword.equalsIgnoreCase(formPassword);
                } catch (Exception e) {
                    e.printStackTrace();
                    return false;
                }
            }
        };
    }
}
